Skip to content

Simple kubectl plugin to take pod name, SSH onto node and spawn an nsenter shell

Notifications You must be signed in to change notification settings

towolf/kubectl-nsenter

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 

Repository files navigation

kubectl-nsenter

Simple kubectl plugin to take pod name, SSH onto node and spawn an nsenter shell.

❗ Since we use crictl, this plugin may only work with containerd and not with straight Docker ..

So, I made a quick plugin for kubectl that allows to enter the network namespace of the pod to run things like netstat, tcpdump, dig, etc pp

The node (if it is a full-blown OS like Ubuntu 18.04) has all the debugging tools needed, and so FROM scratch containers or containers runnning as non-root can be debugged from the host using nsenter to join the network namespace or the PID namespace of the container.

  1. Retrieve node name
  2. SSH onto node
  3. Use crictl to obtain pod ID
  4. Use crictl to obtain container ID
  5. Use crictl to obtain target PID
  6. Use nsenter to join process namespace
  7. Spawn bash as debug shell

Installation

Download, make executable, and move to PATH.

Usage

$ kubectl nsenter --help
SSH into Kubernetes nodes and nsenter into network namespace of a pod

Example:

  kubectl nsenter -n goe-dev api-dev-6d94fd5c98-xqdv5 -c php

Options:

  -n, --namespace='': Namespace of the pod
  -c, --container='': Name of container of a pod

About

Simple kubectl plugin to take pod name, SSH onto node and spawn an nsenter shell

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages